chore: move main linting to oxlint (@miodec)

[Miodec]

• main linting is now done by oxlint. eslint remains for linting json files in the frontend (until oxlint adds support)
• move type checking to the lint step (with --type-check)
  this improves performance by removing a duplicated typescript parse task (instead of parsing for linting then again for type checking, it parses once for both)
• add a lint-fast npm script to get some fast fail behavior. it simply lints with no type information
• oxc plugins are still in preview, so the custom plugin that checks for __testing usage outside of tests runs outside the main linting job until performance is improved
• fixes some type issues (and config issues) that were not visible due to a missing type check on some files. now type checking will run on every file that is linted
• split up oxc config for easier management

waiting oxc-project/tsgolint#494

seeing around 3x improvement in type aware linting

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	etag@​1.8.1
	supertest@​7.1.4
	typescript@​5.9.3
	@​eslint/​json@​0.14.0

View full report

[github-actions]

Continuous integration check(s) failed. Please review the failing check's logs and make the necessary changes.

[Copilot]

Pull request overview

This PR migrates the project's main linting infrastructure from ESLint to oxlint for improved performance, achieving approximately 3x faster type-aware linting. ESLint is retained solely for linting JSON files in the frontend until oxlint adds native support.

Key Changes:

• Migrated to oxlint 1.33.0 with oxlint-tsgolint 0.9.0 for type-aware linting
• Consolidated type checking into the lint step using --type-check flag to eliminate duplicate TypeScript parsing
• Removed the standalone @monkeytype/eslint-config package
• Split oxlint configuration into modular files for better maintainability
• Added lint-fast script for quick linting without type information
• Updated all disable comments from eslint-disable to oxlint-disable syntax
• Fixed previously hidden type issues exposed by comprehensive type checking

Reviewed changes

Copilot reviewed 111 out of 112 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
turbo.json	Added lint-fast task configuration
pnpm-lock.yaml	Updated dependencies: removed eslint from root/backend/packages, added oxlint 1.33.0 and oxlint-tsgolint, upgraded frontend eslint to 9.39.1
package.json	Updated root lint scripts to use lint-fast variants, removed eslint dependency
packages/oxlint-config/*	Split configuration into modular files (enabled.jsonc, disabled.jsonc, ts-enabled.jsonc, etc.) and added custom plugin support
packages/eslint-config/*	Removed entire package as it's no longer needed
frontend/*	Migrated to new eslint.config.js for JSON-only linting, updated disable comments, fixed type issues
backend/*	Updated lint scripts, migrated disable comments, fixed type issues in DAL and controllers
.github/workflows/monkey-ci.yml	Added lint-fast step before full lint for faster feedback

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Continuous integration check(s) failed. Please review the failing check's logs and make the necessary changes.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm safer-buffer is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: pnpm-lock.yaml → npm/[email protected] ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report